[unisog] DShield and Symantec report MSBlast in wild
flynngn at jmu.edu
Tue Aug 12 04:43:23 GMT 2003
Edward W. Ray wrote:
> While this is illegal, and no site should be DDoSed off the web, I find the
> fact that the worm slams the M$ site rather amusing :)
> So much for Windows 2003 being "Secure by Default."

One hopes that all vendors will learn that shipping a system
with listening ports these days is foolhardy. You can't get
the patches before you get infected/hacked anymore.

And I don't just mean Microsoft. Unix's portmapper and related
RPC services, NTP, plug-n-play, nothing should be turned on by
default that opens a door on the network.

BTW, I wonder what lawyers will make of the fact that Microsoft's
security bulletin says:

"RPC over UDP or TCP is not intended to be used in hostile environments
such as the Internet"

And it was shipped that way why?

Is it time for a product recall of all defective CDs from registered
owners and the supply chain? Otherwise, consumers go out and buy a new
PC or OS CD, take it home, and promptly get infected.

Security Engineer - Technical Services
James Madison University